internal/appsec: rework appsec telemetry (#3345)

Author: eliottness

instrumentation/appsec/emitter/waf/addresses/rasp_rule_type.go

@@ -6,31 +6,45 @@
 package addresses
 
 import (
+	"math"
+
 	waf "github.com/DataDog/go-libddwaf/v3"
 )
 
-type RASPRuleType string
+type RASPRuleType uint8
 
 const (
-	RASPRuleTypeLFI  RASPRuleType = "lfi"
-	RASPRuleTypeSSRF RASPRuleType = "ssrf"
-	RASPRuleTypeSQLI RASPRuleType = "sql_injection"
-	RASPRuleTypeCMDI RASPRuleType = "command_injection"
+	RASPRuleTypeLFI RASPRuleType = iota
+	RASPRuleTypeSSRF
+	RASPRuleTypeSQLI
+	RASPRuleTypeCMDI
 )
 
-func RASPRuleTypes() []RASPRuleType {
-	return []RASPRuleType{
-		RASPRuleTypeLFI,
-		RASPRuleTypeSSRF,
-		RASPRuleTypeSQLI,
-		RASPRuleTypeCMDI,
+var RASPRuleTypes = [...]RASPRuleType{
+	RASPRuleTypeLFI,
+	RASPRuleTypeSSRF,
+	RASPRuleTypeSQLI,
+	RASPRuleTypeCMDI,
+}
+
+func (r RASPRuleType) String() string {
+	switch r {
+	case RASPRuleTypeLFI:
+		return "lfi"
+	case RASPRuleTypeSSRF:
+		return "ssrf"
+	case RASPRuleTypeSQLI:
+		return "sql_injection"
+	case RASPRuleTypeCMDI:
+		return "command_injection"
 	}
+	return "unknown()"
 }
 
 // RASPRuleTypeFromAddressSet returns the RASPRuleType for the given address set if it has a RASP address.
 func RASPRuleTypeFromAddressSet(addressSet waf.RunAddressData) (RASPRuleType, bool) {
 	if addressSet.Scope != waf.RASPScope {
-		return "", false
+		return math.MaxUint8, false
 	}
 
 	for address := range addressSet.Ephemeral {
@@ -46,5 +60,5 @@ func RASPRuleTypeFromAddressSet(addressSet waf.RunAddressData) (RASPRuleType, bo
 		}
 	}
 
-	return "", false
+	return math.MaxUint8, false
 }

internal/appsec/appsec.go

@@ -38,9 +38,6 @@ func RASPEnabled() bool {
 // Start AppSec when enabled is enabled by both using the appsec build tag and
 // setting the environment variable DD_APPSEC_ENABLED to true.
 func Start(opts ...config.StartOption) {
-	telemetry := newAppsecTelemetry()
-	defer telemetry.emit()
-
 	startConfig := config.NewStartConfig(opts...)
 
 	// AppSec can start either:
@@ -54,19 +51,8 @@ func Start(opts ...config.StartOption) {
 		return
 	}
 
-	switch modeOrigin {
-	case config.OriginEnvVar:
-		telemetry.addEnvConfig("DD_APPSEC_ENABLED", mode == config.ForcedOn)
-		if mode == config.ForcedOff {
-			log.Debug("appsec: disabled by the configuration: set the environment variable DD_APPSEC_ENABLED to true to enable it")
-			return
-		}
-	case config.OriginExplicitOption:
-		telemetry.addCodeConfig("WithEnablementMode", mode)
-	}
-
-	// In any case, if we're forced off, we no longer have any business here...
 	if mode == config.ForcedOff {
+		log.Debug("appsec: disabled by the configuration: set the environment variable DD_APPSEC_ENABLED to true to enable it")
 		return
 	}
 
@@ -108,11 +94,17 @@ func Start(opts ...config.StartOption) {
 			return
 		}
 		log.Debug("appsec: awaiting for possible remote activation")
-	} else if err := appsec.start(telemetry); err != nil { // AppSec is specifically enabled
+		setActiveAppSec(appsec)
+		return
+	}
+
+	if err := appsec.start(); err != nil { // AppSec is specifically enabled
 		logUnexpectedStartError(err)
 		appsec.stopRC()
 		return
 	}
+
+	registerAppsecStartTelemetry(mode, modeOrigin)
 	setActiveAppSec(appsec)
 }
 
@@ -156,7 +148,7 @@ func newAppSec(cfg *config.Config) *appsec {
 }
 
 // Start AppSec by registering its security protections according to the configured the security rules.
-func (a *appsec) start(telemetry *appsecTelemetry) error {
+func (a *appsec) start() error {
 	// Load the waf to catch early errors if any
 	if ok, err := waf.Load(); err != nil {
 		// 1. If there is an error and the loading is not ok: log as an unexpected error case and quit appsec
@@ -183,7 +175,6 @@ func (a *appsec) start(telemetry *appsecTelemetry) error {
 	// TODO: log the config like the APM tracer does but we first need to define
 	//   an user-friendly string representation of our config and its sources
 
-	telemetry.setEnabled()
 	return nil
 }
 
@@ -192,10 +183,8 @@ func (a *appsec) stop() {
 	if !a.started {
 		return
 	}
-	telemetry := newAppsecTelemetry()
-	defer telemetry.emit()
-
 	a.started = false
+	registerAppsecStopTelemetry()
 	// Disable RC blocking first so that the following is guaranteed not to be concurrent anymore.
 	a.disableRCBlocking()
 

internal/appsec/config/config.go

@@ -52,7 +52,7 @@ type StartConfig struct {
 	RC *remoteconfig.ClientConfig
 	// IsEnabled is a function that determines whether AppSec is enabled or not. When unset, the
 	// default [IsEnabled] function is used.
-	EnablementMode func() (EnablementMode, Origin, error)
+	EnablementMode func() (EnablementMode, telemetry.Origin, error)
 	// MetaStructAvailable is true if meta struct is supported by the trace agent.
 	MetaStructAvailable bool
 
@@ -70,30 +70,19 @@ const (
 	ForcedOn EnablementMode = 1
 )
 
-type Origin uint8
-
-const (
-	// OriginDefault is the origin of configuration values not explicitly set by the user in any way.
-	OriginDefault Origin = iota
-	// OriginEnvVar is the origin of configuration values set through environment variables.
-	OriginEnvVar
-	// OriginExplicitOption is the origin of configuration values set though explicit options in code.
-	OriginExplicitOption
-)
-
 func NewStartConfig(opts ...StartOption) *StartConfig {
 	c := &StartConfig{
-		EnablementMode: func() (mode EnablementMode, origin Origin, err error) {
+		EnablementMode: func() (mode EnablementMode, origin telemetry.Origin, err error) {
 			enabled, set, err := IsEnabledByEnvironment()
 			if set {
-				origin = OriginEnvVar
+				origin = telemetry.OriginEnvVar
 				if enabled {
 					mode = ForcedOn
 				} else {
 					mode = ForcedOff
 				}
 			} else {
-				origin = OriginDefault
+				origin = telemetry.OriginDefault
 				mode = RCStandby
 			}
 			return mode, origin, err
@@ -109,8 +98,8 @@ func NewStartConfig(opts ...StartOption) *StartConfig {
 // implemented by [IsEnabledByEnvironment].
 func WithEnablementMode(mode EnablementMode) StartOption {
 	return func(c *StartConfig) {
-		c.EnablementMode = func() (EnablementMode, Origin, error) {
-			return mode, OriginExplicitOption, nil
+		c.EnablementMode = func() (EnablementMode, telemetry.Origin, error) {
+			return mode, telemetry.OriginCode, nil
 		}
 	}
 }